An adversary utilizes a resource leak on the target to deplete the quantity of the resource available to service legitimate requests.
| ID | CAPEC-131 |
| Latest Sync Date | 11/05/25 15:15:38 |
| Original ID | 131 |
| Abstraction | Meta |
| Status | Stable |
| Alternate Terms | |
| Likelihood Of Attack | Medium |
| Typical Severity | Medium |
| Related Attack Patterns | |
| Execution Flow | |
| Prerequisites | The target must have a resource leak that the adversary can repeatedly trigger. |
| Skills Required | |
| Resources Required | None: No specialized resources are required to execute this type of attack. |
| Indicators | |
| Consequences | Scope: Availability. Technical Impact: Unreliable Execution; Resource Consumption. Note: A successful resource leak exposure attack compromises the availability of the target system's services. |
| Mitigations | If possible, leverage coding language(s) that do not allow this weakness to occur (e.g., Java, Ruby, and Python all perform automatic garbage collection that releases memory for objects that have been deallocated). Memory should always be allocated/freed using matching functions (e.g., malloc/free, new/delete, etc.). Implement best practices with respect to memory management, including the freeing of all allocated resources at all exit points and ensuring consistency with how and where memory is freed in a function. |
| Example Instances | |
| Related Weaknesses | CWE-404 |
| Taxonomy Mappings | ATTACK: 1499 (Endpoint Denial of Service); WASC: 10 (Denial of Service) |
| Notes | |
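
The mitigation about freeing resources at all exit points, shown as an added example that is not part of the CAPEC entry: a handler whose early return skips the release, beside a version with a single cleanup path, plus a counter that turns the leak into a checkable number. All names (`handle_leaky`, `handle_fixed`, `xalloc`, `xfree`, `leaked_after`) and the request format are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed instrumentation: number of buffers currently outstanding. */
static int live_allocs = 0;
static void *xalloc(size_t n) { void *p = malloc(n); if (p) live_allocs++; return p; }
static void xfree(void *p) { if (p) { live_allocs--; free(p); } }

/* Leaky form: the validation failure returns without releasing buf. */
int handle_leaky(const char *req) {
    char *buf = xalloc(256);
    if (!buf) return -1;
    if (strlen(req) > 64) return -1;      /* exit point that skips the free */
    snprintf(buf, 256, "echo:%s", req);
    xfree(buf);
    return 0;
}

/* Corrected form: every exit passes through one cleanup label. */
int handle_fixed(const char *req) {
    int rc = -1;
    char *buf = xalloc(256);
    if (!buf) goto out;
    if (strlen(req) > 64) goto out;       /* rejected, but still cleaned up */
    snprintf(buf, 256, "echo:%s", req);
    rc = 0;
out:
    xfree(buf);                           /* xfree(NULL) is a no-op */
    return rc;
}

/* Sends n rejected (constructed, oversized) requests to a handler and
   returns how many allocations are still outstanding afterwards. */
int leaked_after(int (*handler)(const char *), int n) {
    char big[128];
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    live_allocs = 0;
    for (int i = 0; i < n; i++) handler(big);
    return live_allocs;
}

int main(void) {
    printf("leaky: %d outstanding\n", leaked_after(handle_leaky, 1000));
    printf("fixed: %d outstanding\n", leaked_after(handle_fixed, 1000));
    return 0;
}
```

A check like `leaked_after` can run as a regression test over each handler's error paths, since those are the exits most often missed in review.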